Skip Navigation

Connect 
BlackBerry UEM
 to your organization's 
OpenTrust
 software

To extend 
OpenTrust
 certificate-based authentication to devices, you must add a connection to your organization's 
OpenTrust
 software. 
BlackBerry UEM
 supports integration with 
OpenTrust
 PKI 4.8.0 and later and 
OpenTrust CMS
 2.0.4 and later. This connection is not supported by 
BlackBerry Dynamics
 apps.
Contact your organization’s 
OpenTrust
 administrator to obtain the URL of the 
OpenTrust
 server, the client-side certificate that contains the private key (.pfx or .p12 format), and the certificate password.
  1. On the menu bar, click 
    Settings
    .
  2. Click 
    External integration > Certificate authority
    .
  3. Click 
    Add an OpenTrust connection
    .
  4. In the 
    Connection name
     field, type a name for the connection.
  5. In the 
    URL
     field, type the URL of the 
    OpenTrust
     software.
  6. Click 
    Browse
    . Navigate to and select the client-side certificate that 
    BlackBerry UEM
     can use to authenticate the connection to the 
    OpenTrust
     server.
  7. In the 
    Certificate password
     field, type the password for the 
    OpenTrust
     server certificate.
  8. To test the connection, click 
    Test connection
    .
  9. Click 
    Save
    .
  • When you use the 
    BlackBerry UEM
     connection with 
    OpenTrust
     software to distribute certificates to devices, there may be a short delay before the certificates are valid. This delay might cause issues with email authentication during the device activation process. To resolve this issue, in the 
    OpenTrust
     software, configure the 
    OpenTrust
     CA and set "Backdate Certificates (seconds)" to 180.